[Aide] AIDE configuration taking too long

Mason Nakadomari nakadoma at hawaii.edu
Mon Sep 2 12:47:02 EEST 2013


I've removed /proc, /dev and /sys from my scans and even cut down on /var/spool
and /var/log. However my scans are still taking more than 24 hours to
complete. Any other recommended configs? The aide manual gave hints but
nothing definite. Still having trouble completing an init. Sorry but I'm
getting frustrated. I suspect I'm doing this wrong somehow. All the checks
are done via a centralized server and it sshs into the desired host. Please
advise. I'm sorry if it seems like I don't know beans. I don't know aide
very well. Thanks.
On Aug 29, 2013 12:27 PM, "Mason Nakadomari" <nakadoma at hawaii.edu> wrote:

> I'm enacting some of your advice immediately; thank you very much to the
> both of you. I'll let you know my progress. I know I'm a rookie at this but
> I appreciate the help.
>
>
> On Thu, Aug 29, 2013 at 8:49 AM, Marc Haber <mh+aide at zugschlus.de> wrote:
>
>> On Thu, Aug 29, 2013 at 08:09:34AM -1000, Mason Nakadomari wrote:
>> > Meaning I will see if my scans go faster without those directories but I'd
>> > still like to scan those directories in a way to make it faster. It
>> > shouldn't be impossible to scan those directories should it?
>>
>> /proc and /sys - on Linux - are virtual file systems that the kernel
>> fills with information about the system and that are used to configure
>> certain aspects of the system. An attacker is very unlikely to place
>> data in there.
>>
>> /dev/ should be scanned with certain exceptions. Any moderately
>> experienced Unix admin should know which files should be excluded
>> (disks, random, zero come to mind).
>>
>> Greetings
>> Marc
>>
>> --
>>
>> -----------------------------------------------------------------------------
>> Marc Haber         | "I don't trust Computers. They | Mail address in header
>> Mannheim, Germany  |  lose things."    Winona Ryder | Fon: *49 621 31958061
>> Nordisch by Nature |  How to make an American Quilt | Fax: *49 621 31958062
>
>
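
The advice quoted above, written out as an aide.conf fragment. This is an added example, not part of the original thread and not either poster's configuration; the group name DevPerms, its attribute set, the inclusion of urandom, and the sd*/hd* disk naming are assumptions.

```conf
# Added example, not from the thread: aide.conf selection lines for the
# advice quoted above. AIDE anchors each path regex at the start only, so
# "!/proc" matches /proc itself and everything beneath it.

# Hypothetical rule group for device nodes: permissions, owner, group and
# link count. Both the name and the attribute set are assumptions.
DevPerms = p+u+g+n

# Kernel-populated virtual file systems: leave them out of the scan.
!/proc
!/sys

# /dev stays in scope, minus the exceptions named in the reply
# (disks, random, zero). "urandom" and the sd*/hd* disk naming are
# assumptions; adjust the patterns to the device names on the host.
!/dev/(u?random|zero)$
!/dev/(sd|hd)[a-z]+[0-9]*$
/dev DevPerms
```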